net: atlantic: MACSec ingress offload HW bindings (b8f8a0b7) · Commits · 戴 / test

drivers/net/ethernet/aquantia/atlantic/macsec/MSS_Ingress_registers.h

0 → 100644

+77 −0

Original line number	Diff line number	Diff line
		/* SPDX-License-Identifier: GPL-2.0-only */
		/* Atlantic Network Driver
		* Copyright (C) 2020 Marvell International Ltd.
		*/

		#ifndef MSS_INGRESS_REGS_HEADER
		#define MSS_INGRESS_REGS_HEADER

		#define MSS_INGRESS_CTL_REGISTER_ADDR 0x0000800E
		#define MSS_INGRESS_LUT_ADDR_CTL_REGISTER_ADDR 0x00008080
		#define MSS_INGRESS_LUT_CTL_REGISTER_ADDR 0x00008081
		#define MSS_INGRESS_LUT_DATA_CTL_REGISTER_ADDR 0x000080A0

		struct mss_ingress_ctl_register {
		union {
		struct {
		unsigned int soft_reset : 1;
		unsigned int operation_point_to_point : 1;
		unsigned int create_sci : 1;
		/* Unused */
		unsigned int mask_short_length_error : 1;
		unsigned int drop_kay_packet : 1;
		unsigned int drop_igprc_miss : 1;
		/* Unused */
		unsigned int check_icv : 1;
		unsigned int clear_global_time : 1;
		unsigned int clear_count : 1;
		unsigned int high_prio : 1;
		unsigned int remove_sectag : 1;
		unsigned int global_validate_frames : 2;
		unsigned int icv_lsb_8bytes_enabled : 1;
		unsigned int reserved0 : 2;
		} bits_0;
		unsigned short word_0;
		};
		union {
		struct {
		unsigned int reserved0 : 16;
		} bits_1;
		unsigned short word_1;
		};
		};

		struct mss_ingress_lut_addr_ctl_register {
		union {
		struct {
		unsigned int lut_addr : 9;
		unsigned int reserved0 : 3;
		/* 0x0 : Ingress Pre-Security MAC Control FIlter
		* (IGPRCTLF) LUT
		* 0x1 : Ingress Pre-Security Classification LUT (IGPRC)
		* 0x2 : Ingress Packet Format (IGPFMT) SAKey LUT
		* 0x3 : Ingress Packet Format (IGPFMT) SC/SA LUT
		* 0x4 : Ingress Post-Security Classification LUT
		* (IGPOC)
		* 0x5 : Ingress Post-Security MAC Control Filter
		* (IGPOCTLF) LUT
		* 0x6 : Ingress MIB (IGMIB)
		*/
		unsigned int lut_select : 4;
		} bits_0;
		unsigned short word_0;
		};
		};

		struct mss_ingress_lut_ctl_register {
		union {
		struct {
		unsigned int reserved0 : 14;
		unsigned int lut_read : 1;
		unsigned int lut_write : 1;
		} bits_0;
		unsigned short word_0;
		};
		};

		#endif /* MSS_INGRESS_REGS_HEADER */

drivers/net/ethernet/aquantia/atlantic/macsec/macsec_api.c

+997 −0

File changed.

Preview size limit exceeded, changes collapsed.

drivers/net/ethernet/aquantia/atlantic/macsec/macsec_api.h

+148 −0

Original line number	Diff line number	Diff line
		@@ -9,6 +9,27 @@
		#include "aq_hw.h"
		#include "macsec_struct.h"

		#define NUMROWS_INGRESSPRECTLFRECORD 24
		#define ROWOFFSET_INGRESSPRECTLFRECORD 0

		#define NUMROWS_INGRESSPRECLASSRECORD 48
		#define ROWOFFSET_INGRESSPRECLASSRECORD 0

		#define NUMROWS_INGRESSPOSTCLASSRECORD 48
		#define ROWOFFSET_INGRESSPOSTCLASSRECORD 0

		#define NUMROWS_INGRESSSCRECORD 32
		#define ROWOFFSET_INGRESSSCRECORD 0

		#define NUMROWS_INGRESSSARECORD 32
		#define ROWOFFSET_INGRESSSARECORD 32

		#define NUMROWS_INGRESSSAKEYRECORD 32
		#define ROWOFFSET_INGRESSSAKEYRECORD 0

		#define NUMROWS_INGRESSPOSTCTLFRECORD 24
		#define ROWOFFSET_INGRESSPOSTCTLFRECORD 0

		#define NUMROWS_EGRESSCTLFRECORD 24
		#define ROWOFFSET_EGRESSCTLFRECORD 0

		@@ -114,6 +135,133 @@ int aq_mss_set_egress_sakey_record(struct aq_hw_s *hw,
		const struct aq_mss_egress_sakey_record *rec,
		u16 table_index);

		/*! Read the raw table data from the specified row of the Ingress
		* Pre-MACSec CTL Filter table, and unpack it into the fields of rec.
		* rec - [OUT] The raw table row data will be unpacked into the fields of rec.
		* table_index - The table row to read (max 23).
		*/
		int aq_mss_get_ingress_prectlf_record(struct aq_hw_s *hw,
		struct aq_mss_ingress_prectlf_record *rec,
		u16 table_index);

		/*! Pack the fields of rec, and write the packed data into the
		* specified row of the Ingress Pre-MACSec CTL Filter table.
		* rec - [IN] The bitfield values to write to the table row.
		* table_index - The table row to write(max 23).
		*/
		int aq_mss_set_ingress_prectlf_record(struct aq_hw_s *hw,
		const struct aq_mss_ingress_prectlf_record *rec,
		u16 table_index);

		/*! Read the raw table data from the specified row of the Ingress
		* Pre-MACSec Packet Classifier table, and unpack it into the fields of rec.
		* rec - [OUT] The raw table row data will be unpacked into the fields of rec.
		* table_index - The table row to read (max 47).
		*/
		int aq_mss_get_ingress_preclass_record(struct aq_hw_s *hw,
		struct aq_mss_ingress_preclass_record *rec,
		u16 table_index);

		/*! Pack the fields of rec, and write the packed data into the
		* specified row of the Ingress Pre-MACSec Packet Classifier table.
		* rec - [IN] The bitfield values to write to the table row.
		* table_index - The table row to write(max 47).
		*/
		int aq_mss_set_ingress_preclass_record(struct aq_hw_s *hw,
		const struct aq_mss_ingress_preclass_record *rec,
		u16 table_index);

		/*! Read the raw table data from the specified row of the Ingress SC
		* Lookup table, and unpack it into the fields of rec.
		* rec - [OUT] The raw table row data will be unpacked into the fields of rec.
		* table_index - The table row to read (max 31).
		*/
		int aq_mss_get_ingress_sc_record(struct aq_hw_s *hw,
		struct aq_mss_ingress_sc_record *rec,
		u16 table_index);

		/*! Pack the fields of rec, and write the packed data into the
		* specified row of the Ingress SC Lookup table.
		* rec - [IN] The bitfield values to write to the table row.
		* table_index - The table row to write(max 31).
		*/
		int aq_mss_set_ingress_sc_record(struct aq_hw_s *hw,
		const struct aq_mss_ingress_sc_record *rec,
		u16 table_index);

		/*! Read the raw table data from the specified row of the Ingress SA
		* Lookup table, and unpack it into the fields of rec.
		* rec - [OUT] The raw table row data will be unpacked into the fields of rec.
		* table_index - The table row to read (max 31).
		*/
		int aq_mss_get_ingress_sa_record(struct aq_hw_s *hw,
		struct aq_mss_ingress_sa_record *rec,
		u16 table_index);

		/*! Pack the fields of rec, and write the packed data into the
		* specified row of the Ingress SA Lookup table.
		* rec - [IN] The bitfield values to write to the table row.
		* table_index - The table row to write(max 31).
		*/
		int aq_mss_set_ingress_sa_record(struct aq_hw_s *hw,
		const struct aq_mss_ingress_sa_record *rec,
		u16 table_index);

		/*! Read the raw table data from the specified row of the Ingress SA
		* Key Lookup table, and unpack it into the fields of rec.
		* rec - [OUT] The raw table row data will be unpacked into the fields of rec.
		* table_index - The table row to read (max 31).
		*/
		int aq_mss_get_ingress_sakey_record(struct aq_hw_s *hw,
		struct aq_mss_ingress_sakey_record *rec,
		u16 table_index);

		/*! Pack the fields of rec, and write the packed data into the
		* specified row of the Ingress SA Key Lookup table.
		* rec - [IN] The bitfield values to write to the table row.
		* table_index - The table row to write(max 31).
		*/
		int aq_mss_set_ingress_sakey_record(struct aq_hw_s *hw,
		const struct aq_mss_ingress_sakey_record *rec,
		u16 table_index);

		/*! Read the raw table data from the specified row of the Ingress
		* Post-MACSec Packet Classifier table, and unpack it into the
		* fields of rec.
		* rec - [OUT] The raw table row data will be unpacked into the fields of rec.
		* table_index - The table row to read (max 48).
		*/
		int aq_mss_get_ingress_postclass_record(struct aq_hw_s *hw,
		struct aq_mss_ingress_postclass_record *rec,
		u16 table_index);

		/*! Pack the fields of rec, and write the packed data into the
		* specified row of the Ingress Post-MACSec Packet Classifier table.
		* rec - [IN] The bitfield values to write to the table row.
		* table_index - The table row to write(max 48).
		*/
		int aq_mss_set_ingress_postclass_record(struct aq_hw_s *hw,
		const struct aq_mss_ingress_postclass_record *rec,
		u16 table_index);

		/*! Read the raw table data from the specified row of the Ingress
		* Post-MACSec CTL Filter table, and unpack it into the fields of rec.
		* rec - [OUT] The raw table row data will be unpacked into the fields of rec.
		* table_index - The table row to read (max 23).
		*/
		int aq_mss_get_ingress_postctlf_record(struct aq_hw_s *hw,
		struct aq_mss_ingress_postctlf_record *rec,
		u16 table_index);

		/*! Pack the fields of rec, and write the packed data into the
		* specified row of the Ingress Post-MACSec CTL Filter table.
		* rec - [IN] The bitfield values to write to the table row.
		* table_index - The table row to write(max 23).
		*/
		int aq_mss_set_ingress_postctlf_record(struct aq_hw_s *hw,
		const struct aq_mss_ingress_postctlf_record *rec,
		u16 table_index);

		/! Get Egress SA expired. /
		int aq_mss_get_egress_sa_expired(struct aq_hw_s hw, u32 expired);
		/! Get Egress SA threshold expired. /

drivers/net/ethernet/aquantia/atlantic/macsec/macsec_struct.h

+383 −0

Original line number	Diff line number	Diff line
		@@ -314,4 +314,387 @@ struct aq_mss_egress_sakey_record {
		u32 key[8];
		};

		/*! Represents the bitfields of a single row in the Ingress Pre-MACSec
		* CTL Filter table.
		*/
		struct aq_mss_ingress_prectlf_record {
		/*! This is used to store the 48 bit value used to compare SA, DA
		* or halfDA+half SA value.
		*/
		u32 sa_da[2];
		/*! This is used to store the 16 bit ethertype value used for
		* comparison.
		*/
		u32 eth_type;
		/*! The match mask is per-nibble. 0 means don't care, i.e. every
		* value will match successfully. The total data is 64 bit, i.e.
		* 16 nibbles masks.
		*/
		u32 match_mask;
		/*! 0: No compare, i.e. This entry is not used
		* 1: compare DA only
		* 2: compare SA only
		* 3: compare half DA + half SA
		* 4: compare ether type only
		* 5: compare DA + ethertype
		* 6: compare SA + ethertype
		* 7: compare DA+ range.
		*/
		u32 match_type;
		/*! 0: Bypass the remaining modules if matched.
		* 1: Forward to next module for more classifications.
		*/
		u32 action;
		};

		/*! Represents the bitfields of a single row in the Ingress Pre-MACSec
		* Packet Classifier table.
		*/
		struct aq_mss_ingress_preclass_record {
		/*! The 64 bit SCI field used to compare with extracted value.
		* Should have SCI value in case TCI[SCI_SEND] == 0. This will be
		* used for ICV calculation.
		*/
		u32 sci[2];
		/! The 8 bit TCI field used to compare with extracted value. /
		u32 tci;
		/! 8 bit encryption offset. /
		u32 encr_offset;
		/*! The 16 bit Ethertype (in the clear) field used to compare with
		* extracted value.
		*/
		u32 eth_type;
		/*! This is to specify the 40bit SNAP header if the SNAP header's
		* mask is enabled.
		*/
		u32 snap[2];
		/*! This is to specify the 24bit LLC header if the LLC header's
		* mask is enabled.
		*/
		u32 llc;
		/! The 48 bit MAC_SA field used to compare with extracted value. /
		u32 mac_sa[2];
		/! The 48 bit MAC_DA field used to compare with extracted value. /
		u32 mac_da[2];
		/*! 0: this is to compare with non-LPBK packet
		* 1: this is to compare with LPBK packet.
		* This value is used to compare with a controlled-tag which goes
		* with the packet when looped back from Egress port.
		*/
		u32 lpbk_packet;
		/*! The value of this bit mask will affects how the SC index and SA
		* index created.
		* 2'b00: 1 SC has 4 SA.
		* SC index is equivalent to {SC_Index[4:2], 1'b0}.
		* SA index is equivalent to {SC_Index[4:2], SECTAG's AN[1:0]}
		* Here AN bits are not compared.
		* 2'b10: 1 SC has 2 SA.
		* SC index is equivalent to SC_Index[4:1]
		* SA index is equivalent to {SC_Index[4:1], SECTAG's AN[0]}
		* Compare AN[1] field only
		* 2'b11: 1 SC has 1 SA. No SC entry exists for the specific SA.
		* SA index is equivalent to SC_Index[4:0]
		* AN[1:0] bits are compared.
		* NOTE: This design is to supports different usage of AN. User
		* can either ping-pong buffer 2 SA by using only the AN[0] bit.
		* Or use 4 SA per SC by use AN[1:0] bits. Or even treat each SA
		* as independent. i.e. AN[1:0] is just another matching pointer
		* to select SA.
		*/
		u32 an_mask;
		/*! This is bit mask to enable comparison the upper 6 bits TCI
		* field, which does not include the AN field.
		* 0: don't compare
		* 1: enable comparison of the bits.
		*/
		u32 tci_mask;
		/*! 0: don't care
		* 1: enable comparison of SCI.
		*/
		u32 sci_mask;
		/*! Mask is per-byte.
		* 0: don't care
		* 1: enable comparison of Ethertype.
		*/
		u32 eth_type_mask;
		/*! Mask is per-byte.
		* 0: don't care and no SNAP header exist.
		* 1: compare the SNAP header.
		* If this bit is set to 1, the extracted filed will assume the
		* SNAP header exist as encapsulated in 802.3 (RFC 1042). I.E. the
		* next 5 bytes after the the LLC header is SNAP header.
		*/
		u32 snap_mask;
		/*! Mask is per-byte.
		* 0: don't care and no LLC header exist.
		* 1: compare the LLC header.
		* If this bit is set to 1, the extracted filed will assume the
		* LLC header exist as encapsulated in 802.3 (RFC 1042). I.E. the
		* next three bytes after the 802.3MAC header is LLC header.
		*/
		u32 llc_mask;
		/! Reserved. This bit should be always 0. /
		u32 _802_2_encapsulate;
		/*! Mask is per-byte.
		* 0: don't care
		* 1: enable comparison of MAC_SA.
		*/
		u32 sa_mask;
		/*! Mask is per-byte.
		* 0: don't care
		* 1: enable comparison of MAC_DA.
		*/
		u32 da_mask;
		/*! 0: don't care
		* 1: enable checking if this is loopback packet or not.
		*/
		u32 lpbk_mask;
		/*! If packet matches and tagged as controlled-packet. This SC/SA
		* index is used for later SC and SA table lookup.
		*/
		u32 sc_idx;
		/*! 0: the packets will be sent to MAC FIFO
		* 1: The packets will be sent to Debug/Loopback FIFO.
		* If the above's action is drop. This bit has no meaning.
		*/
		u32 proc_dest;
		/*! 0: Process: Forward to next two modules for 802.1AE decryption.
		* 1: Process but keep SECTAG: Forward to next two modules for
		* 802.1AE decryption but keep the MACSEC header with added error
		* code information. ICV will be stripped for all control packets.
		* 2: Bypass: Bypass the next two decryption modules but processed
		* by post-classification.
		* 3: Drop: drop this packet and update counts accordingly.
		*/
		u32 action;
		/*! 0: This is a controlled-port packet if matched.
		* 1: This is an uncontrolled-port packet if matched.
		*/
		u32 ctrl_unctrl;
		/*! Use the SCI value from the Table if 'SC' bit of the input
		* packet is not present.
		*/
		u32 sci_from_table;
		/! Reserved. /
		u32 reserved;
		/*! 0: Not valid entry. This entry is not used
		* 1: valid entry.
		*/
		u32 valid;
		};

		/! Represents the bitfields of a single row in the Ingress SC Lookup table. /
		struct aq_mss_ingress_sc_record {
		/! This is to specify when the SC was first used. Set by HW. /
		u32 stop_time;
		/! This is to specify when the SC was first used. Set by HW. /
		u32 start_time;
		/*! 0: Strict
		* 1: Check
		* 2: Disabled.
		*/
		u32 validate_frames;
		/*! 1: Replay control enabled.
		* 0: replay control disabled.
		*/
		u32 replay_protect;
		/*! This is to specify the window range for anti-replay. Default is 0.
		* 0: is strict order enforcement.
		*/
		u32 anti_replay_window;
		/*! 0: when none of the SA related to SC has inUse set.
		* 1: when either of the SA related to the SC has inUse set.
		* This bit is set by HW.
		*/
		u32 receiving;
		/*! 0: when hardware processed the SC for the first time, it clears
		* this bit
		* 1: This bit is set by SW, when it sets up the SC.
		*/
		u32 fresh;
		/*! 0: The AN number will not automatically roll over if Next_PN is
		* saturated.
		* 1: The AN number will automatically roll over if Next_PN is
		* saturated.
		* Rollover is valid only after expiry. Normal roll over between
		* SA's should be normal process.
		*/
		u32 an_rol;
		/! Reserved. /
		u32 reserved;
		/*! 0: Invalid SC
		* 1: Valid SC.
		*/
		u32 valid;
		};

		/! Represents the bitfields of a single row in the Ingress SA Lookup table. /
		struct aq_mss_ingress_sa_record {
		/! This is to specify when the SC was first used. Set by HW. /
		u32 stop_time;
		/! This is to specify when the SC was first used. Set by HW. /
		u32 start_time;
		/*! This is updated by HW to store the expected NextPN number for
		* anti-replay.
		*/
		u32 next_pn;
		/*! The Next_PN number is going to wrapped around from 0XFFFF_FFFF
		* to 0. set by HW.
		*/
		u32 sat_nextpn;
		/*! 0: This SA is not yet used.
		* 1: This SA is inUse.
		*/
		u32 in_use;
		/*! 0: when hardware processed the SC for the first time, it clears
		* this timer
		* 1: This bit is set by SW, when it sets up the SC.
		*/
		u32 fresh;
		/! Reserved. /
		u32 reserved;
		/*! 0: Invalid SA.
		* 1: Valid SA.
		*/
		u32 valid;
		};

		/*! Represents the bitfields of a single row in the Ingress SA Key
		* Lookup table.
		*/
		struct aq_mss_ingress_sakey_record {
		/! Key for AES-GCM processing. /
		u32 key[8];
		/*! AES key size
		* 00 - 128bits
		* 01 - 192bits
		* 10 - 256bits
		* 11 - reserved.
		*/
		u32 key_len;
		};

		/*! Represents the bitfields of a single row in the Ingress Post-
		* MACSec Packet Classifier table.
		*/
		struct aq_mss_ingress_postclass_record {
		/! The 8 bit value used to compare with extracted value for byte 0. /
		u32 byte0;
		/! The 8 bit value used to compare with extracted value for byte 1. /
		u32 byte1;
		/! The 8 bit value used to compare with extracted value for byte 2. /
		u32 byte2;
		/! The 8 bit value used to compare with extracted value for byte 3. /
		u32 byte3;
		/! Ethertype in the packet. /
		u32 eth_type;
		/! Ether Type value > 1500 (0x5dc). /
		u32 eth_type_valid;
		/! VLAN ID after parsing. /
		u32 vlan_id;
		/! VLAN priority after parsing. /
		u32 vlan_up;
		/! Valid VLAN coding. /
		u32 vlan_valid;
		/! SA index. /
		u32 sai;
		/! SAI hit, i.e. controlled packet. /
		u32 sai_hit;
		/! Mask for payload ethertype field. /
		u32 eth_type_mask;
		/*! 0~63: byte location used extracted by packets comparator, which
		* can be anything from the first 64 bytes of the MAC packets.
		* This byte location counted from MAC' DA address. i.e. set to 0
		* will point to byte 0 of DA address.
		*/
		u32 byte3_location;
		/! Mask for Byte Offset 3. /
		u32 byte3_mask;
		/*! 0~63: byte location used extracted by packets comparator, which
		* can be anything from the first 64 bytes of the MAC packets.
		* This byte location counted from MAC' DA address. i.e. set to 0
		* will point to byte 0 of DA address.
		*/
		u32 byte2_location;
		/! Mask for Byte Offset 2. /
		u32 byte2_mask;
		/*! 0~63: byte location used extracted by packets comparator, which
		* can be anything from the first 64 bytes of the MAC packets.
		* This byte location counted from MAC' DA address. i.e. set to 0
		* will point to byte 0 of DA address.
		*/
		u32 byte1_location;
		/! Mask for Byte Offset 1. /
		u32 byte1_mask;
		/*! 0~63: byte location used extracted by packets comparator, which
		* can be anything from the first 64 bytes of the MAC packets.
		* This byte location counted from MAC' DA address. i.e. set to 0
		* will point to byte 0 of DA address.
		*/
		u32 byte0_location;
		/! Mask for Byte Offset 0. /
		u32 byte0_mask;
		/! Mask for Ethertype valid field. Indicates 802.3 vs. Other. /
		u32 eth_type_valid_mask;
		/! Mask for VLAN ID field. /
		u32 vlan_id_mask;
		/! Mask for VLAN UP field. /
		u32 vlan_up_mask;
		/! Mask for VLAN valid field. /
		u32 vlan_valid_mask;
		/! Mask for SAI. /
		u32 sai_mask;
		/! Mask for SAI_HIT. /
		u32 sai_hit_mask;
		/*! Action if only first level matches and second level does not.
		* 0: pass
		* 1: drop (fail).
		*/
		u32 firstlevel_actions;
		/*! Action if both first and second level matched.
		* 0: pass
		* 1: drop (fail).
		*/
		u32 secondlevel_actions;
		/! Reserved. /
		u32 reserved;
		/*! 0: Not valid entry. This entry is not used
		* 1: valid entry.
		*/
		u32 valid;
		};

		/*! Represents the bitfields of a single row in the Ingress Post-
		* MACSec CTL Filter table.
		*/
		struct aq_mss_ingress_postctlf_record {
		/*! This is used to store the 48 bit value used to compare SA, DA
		* or halfDA+half SA value.
		*/
		u32 sa_da[2];
		/*! This is used to store the 16 bit ethertype value used for
		* comparison.
		*/
		u32 eth_type;
		/*! The match mask is per-nibble. 0 means don't care, i.e. every
		* value will match successfully. The total data is 64 bit, i.e.
		* 16 nibbles masks.
		*/
		u32 match_mask;
		/*! 0: No compare, i.e. This entry is not used
		* 1: compare DA only
		* 2: compare SA only
		* 3: compare half DA + half SA
		* 4: compare ether type only
		* 5: compare DA + ethertype
		* 6: compare SA + ethertype
		* 7: compare DA+ range.
		*/
		u32 match_type;
		/*! 0: Bypass the remaining modules if matched.
		* 1: Forward to next module for more classifications.
		*/
		u32 action;
		};

		#endif

Admin message